SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


o365globaladmins
Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
o365globaladmins [2017/12/18 21:55]
sjoerd
o365globaladmins [2018/07/06 13:21] (current)
sjoerd
Line 5: Line 5:
 = List and Export Global Admins in Office 365 = = List and Export Global Admins in Office 365 =
 First step is to know  First step is to know 
- 
- 
- 
- 
  
  
Line 43: Line 39:
 </​code>​ </​code>​
  
 += Export All Admins to CSV File =
 +This script exports all admin roles and additional info about the admin accounts to a csv file:
 +<code powershell>​
 +$startdir = "​D:​\admin"​
 +$csvfile = "​$startdir\roles.csv"​
  
 +# Define csv table
 +$arrPermissions = @()
 +# Define a start number for easy counting
 +$i=0;
 +
 +$roles = Get-MsolRole
 + 
 +foreach ($role in $roles) {
 +    $members = Get-MsolRoleMember -RoleObjectId $role.ObjectId.Guid
 +    #if (!$members) { continue }
 +    foreach ($member in $members) {
 +        $objPermissions = New-Object PSObject
 +        $i++;
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​Number"​ -Value $i
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​Role"​ -Value $role.Name
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​UPN"​ -Value $member.EmailAddress
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​Display Name" -Value $member.DisplayName
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​Type"​ -Value $member.RoleMemberType
 +        Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​isLicensed"​ -Value $member.isLicensed
 +        if ($member.RoleMemberType -ne "​ServicePrincipal"​) {
 +            Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​isSynced"​ -Value (&​{If((Get-MsolUser -UserPrincipalName $member.EmailAddress).LastDirsyncTime) {"​True"​} Else {"​False"​}})
 +            Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "​PasswordNeverExpires"​ -Value (&​{If((Get-MsolUser -UserPrincipalName $member.EmailAddress).PasswordNeverExpires) {"​True"​} Else {"​False"​}})
 +            # Because we enable MFA using a location based access rule teh MFA setting is not set so the the line below does not work as expected
 +            # Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "MFA Enabled"​ -Value (&​{If((Get-MsolUser -UserPrincipalName $member.EmailAddress).StrongAuthenticationRequirements.State) {"​True"​} Else {"​False"​}})
 +            # So instead we check if the StrongAuthenticationMethods is empty, as this one is filled after configuring MFA by the user
 +            Add-Member -InputObject $objPermissions -MemberType NoteProperty -Name "MFA Enabled"​ -Value (&​{If((Get-MsolUser -UserPrincipalName $member.EmailAddress).StrongAuthenticationMethods) {"​True"​} Else {"​False"​}})
 +        }
 +    $arrPermissions += $objPermissions
 +    }
 +}
 + 
 +$arrPermissions | Export-Csv -NoTypeInformation $csvfile
 +</​code>​
  
  
 = Resources = = Resources =
-https://​blogs.technet.microsoft.com/​canitpro/​2015/​06/​02/​powershell-basics-list-and-export-admin-roles-assigned-to-office-365-users/​+https://​blogs.technet.microsoft.com/​canitpro/​2015/​06/​02/​powershell-basics-list-and-export-admin-roles-assigned-to-office-365-users/ ​\\ 
 +https://​support.office.com/​en-us/​article/​about-office-365-admin-roles-da585eea-f576-4f55-a1e0-87090b6aaa9d \\
  
 {{tag>​o365 cloud scripts unfinished}} {{tag>​o365 cloud scripts unfinished}}
o365globaladmins.txt · Last modified: 2018/07/06 13:21 by sjoerd